I am having a problem w/ either OpenLDAP and/or pam_ldap. I have the LDAP server running, pam_ldap configured w/ nss_ldap. If I turn the ACL off in the slapd.conf file everything works fine (albeit insecure). However, using the following access lines results in a non-functioning pam_ldap system.

    access to attrs=userPassword
            by self write
            by anonymous auth
            by dn="cn=manager,dc=VirtualSMF,dc=net" write
            by * none

    access to *
            by self write
            by dn="cn=manager,dc=VirtualSMF,dc=net" write
            by * read

Once these permissions are installed, nothing is able to see the userPassword attribute. The ldap.log file looks OK to me, but the record returned doesn't show the password. EG:

    $ ldapsearch -x -b 'uid=sferris,ou=People,dc=example,dc=net'
    version: 2

    #
    # filter: (objectclass=*)
    # requesting: ALL
    #

    # sferris,People,dc=example,dc=net
    dn: uid=sferris,ou=People,dc=example,dc=net
    uid: sferris
    cn: Shawn M Ferris
    objectClass: account
    objectClass: posixAccount
    objectClass: top
    gidNumber: 500
    homeDirectory: /home/sferris
    gecos: Shawn M Ferris
    loginShell: /bin/bash
    uidNumber: 500

    # search result
    search: 2
    result: 0 Success

    # numResponses: 2
    # numEntries: 1

----------------------------------------------------------------------------
/var/log/ldap.log:

    slapd[21321]: daemon: conn=4 fd=7 connection from IP=192.168.0.1:50484 (IP=0.0.0.0:34049) accepted.
    slapd[21321]: conn=4 op=0 BIND dn="" method=128
    slapd[21321]: conn=4 op=0 RESULT tag=97 err=0 text=
    slapd[21321]: conn=4 op=1 SRCH base="uid=sferris,ou=People,dc=example,dc=net" scope=2 filter="(objectClass=*)"
    slapd[21321]: conn=4 op=1 SEARCH RESULT tag=101 err=0 text=
    slapd[21321]: conn=4 op=2 UNBIND
    slapd[21321]: conn=-1 fd=7 closed
----------------------------------------------------------------------------

Can anyone help me.. I'm at my wits' end. I've been working on this for 2 weeks now and have looked far and wide on the net to no avail. I would greatly appreciate all help provided!

Shawn Ferris 8)
Oracle DBA
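
How slapd's first-match evaluation applies the two `access to` clauses above to an anonymous bind, the entry's own DN, and the manager DN, as a simplified model added here (not part of the original post). The function names and the sample entry are hypothetical, and DN matching is reduced to a case-insensitive string comparison.

```python
# Simplified model of slapd ACL evaluation (first matching clause, then
# first matching "by"); levels as in slapd.conf, lowest to highest.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]
MANAGER = "cn=manager,dc=virtualsmf,dc=net"

# The two clauses from the post: (attribute list or None for "*", by-rules).
ACL = [
    (["userpassword"], [("self", "write"), ("anonymous", "auth"),
                        (MANAGER, "write"), ("*", "none")]),
    (None, [("self", "write"), (MANAGER, "write"), ("*", "read")]),
]

def who_matches(who, bound_dn, entry_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return bound_dn == ""
    if who == "self":
        return bound_dn != "" and bound_dn == entry_dn
    return bound_dn == who  # exact DN, as in dn="..."

def granted(attr, bound_dn, entry_dn):
    """Return the access level the ACL grants bound_dn on entry_dn's attr."""
    bound_dn, entry_dn = bound_dn.lower(), entry_dn.lower()
    for attrs, rules in ACL:
        if attrs is not None and attr.lower() not in attrs:
            continue  # clause does not cover this attribute, try the next
        for who, level in rules:
            if who_matches(who, bound_dn, entry_dn):
                return level
        return "none"  # implicit "by * none" ends every clause
    return "none"

def allows(level, needed):
    return LEVELS.index(level) >= LEVELS.index(needed)

def visible_attrs(entry, bound_dn):
    """Attributes a search returns: those with at least read access."""
    return [a for a in entry["attrs"]
            if allows(granted(a, bound_dn, entry["dn"]), "read")]

# Constructed sample entry modelled on the one in the post.
ENTRY = {"dn": "uid=sferris,ou=People,dc=example,dc=net",
         "attrs": ["uid", "cn", "uidNumber", "userPassword"]}

if __name__ == "__main__":
    for dn in ("", ENTRY["dn"], MANAGER):
        print(repr(dn), visible_attrs(ENTRY, dn))
```

The `auth` level lets slapd check a bind against the value but ranks below `read`, so a search over an anonymous bind (`BIND dn=""` in the log) returns the entry without userPassword.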